Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Mageia 7 Dolphin Emulator Advisory MGASA-2020-0193 Moderate Security Issue

mageia
Calendar Grey May 5, 2020
Dist Mageia Esm H88
The latest dolphin-emu updates patch significant Denial of Service flaws linked to the SoundTouch library. Check advisory for more info.
Updated dolphin-emu package fixes security vulnerabilities Dolphin Emulator includes a modified copy of the SoundTouch library at version 1.9.2

Summary


Updated dolphin-emu package fixes security vulnerabilities
Dolphin Emulator includes a modified copy of the SoundTouch library at version 1.9.2. That version is subject to the following security issues:
- The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wav file (CVE-2017-9258)
- The TDStretch::acceptNewOverlapLength function in source/SoundTouch/ TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted wav file (CVE-2017-9259).
- The TDStretchSSE::calcCrossCorr function in source/SoundTouch/ sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file (CVE-2017-9260).
- Reachable assertion in RateTransposer::setChannels() causi...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=26555

- http://advisories.mageia.org/MGASA-2018-0331.html

- http://advisories.mageia.org/MGASA-2018-0385.html

- http://advisories.mageia.org/MGASA-2018-0462.html

- https://github.com/dolphin-emu/dolphin/pull/8725

- https://www.cve.org/CVERecord?id=CVE-2017-9258

- https://www.cve.org/CVERecord?id=CVE-2017-9259

- https://www.cve.org/CVERecord?id=CVE-2017-9260

- https://www.cve.org/CVERecord?id=CVE-2018-14044

- https://www.cve.org/CVERecord?id=CVE-2018-14045

- https://www.cve.org/CVERecord?id=CVE-2018-17096

- https://www.cve.org/CVERecord?id=CVE-2018-17097

- https://www.cve.org/CVERecord?id=CVE-2018-17098

- https://www.cve.org/CVERecord?id=CVE-2018-1000223

- https://www.cve.org/CVERecord?id=CVE-undefined

Topics%20covered

Topics Covered

security advisory denial of service security issue Mageia dolphin-emu

Resolution

SRPMS

- 7/tainted/dolphin-emu-5.0.11824-1.mga7.tainted

Publication date: 05 May 2020
URL: https://advisories.mageia.org/MGASA-2020-0193.html
Type: security
CVE: CVE-2017-9258, CVE-2017-9259, CVE-2017-9260, CVE-2018-14044, CVE-2018-14045, CVE-2018-17096, CVE-2018-17097, CVE-2018-17098, CVE-2018-1000223,

Topics%20covered

Topics Covered

security advisory denial of service security issue Mageia dolphin-emu

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here